function session_login($user, $openidData)
{
if (!$user) {
$user = Model::factory('User')->create();
}
if (!$user->identity) {
$user->identity = $openidData['identity'];
}
if (!$user->openidConnectSub && isset($openidData['sub'])) {
$user->openidConnectSub = $openidData['sub'];
}
if (!$user->nick && isset($openidData['nickname'])) {
$user->nick = $openidData['nickname'];
}
if (isset($openidData['fullname'])) {
$user->name = $openidData['fullname'];
}
if (isset($openidData['email'])) {
$user->email = $openidData['email'];
}
$user->password = null;
// no longer necessary after the first OpenID login
$user->save();
session_setVariable('user', $user);
$cookie = Model::factory('Cookie')->create();
$cookie->userId = $user->id;
$cookie->cookieString = util_randomCapitalLetterString(12);
$cookie->save();
setcookie("prefs[lll]", $cookie->cookieString, time() + ONE_MONTH_IN_SECONDS, '/');
log_userLog('Logged in, IP=' . $_SERVER['REMOTE_ADDR']);
util_redirect(util_getWwwRoot());
}
$data['identity'] = $provider;
if (isset($data['name'])) {
$data['fullname'] = $data['name'];
}
$user = User::get_by_identity_openidConnectSub($provider, $data['sub']);
if (!$user && $oidc->getPlainOpenid()) {
// This may be the first time the user logs in after the migration from
// OpenID 2.0 to OpenID Connect.
$user = User::get_by_identity($oidc->getPlainOpenid());
if ($user) {
$user->identity = null;
// session_login will overwrite it
}
}
if ($user) {
session_login($user, $data);
} else {
// First time logging in, must claim an existing account or create a new one
// TODO this duplicates code in revenireOpenid.php
$user = isset($data['email']) ? User::get_by_email($data['email']) : null;
$loginType = $user ? 0 : (isset($data['fullname']) ? 1 : (isset($data['nickname']) ? 2 : 3));
// Store the identity in a temporary file. Don't print it in the form, because then it can be faked on the next page.
$randString = util_randomCapitalLetterString(20);
FileCache::put($randString, $data);
SmartyWrap::assign('page_title', 'Autentificare cu OpenID');
SmartyWrap::assign('suggestHiddenSearchForm', true);
SmartyWrap::assign('data', $data);
SmartyWrap::assign('randString', $randString);
SmartyWrap::assign('loginType', $loginType);
SmartyWrap::display('auth/chooseIdentity.ihtml');
}
function authenticate($clientId, $secret)
{
$this->fetchWellKnownConfig();
if (!$clientId || !$secret) {
throw new OpenIDException('Autentificare eșuată.');
}
$url = $this->wellKnownConfig['authorization_endpoint'];
$nonce = util_randomCapitalLetterString(32);
$state = util_randomCapitalLetterString(32);
session_setVariable('openid_connect_nonce', $nonce);
session_setVariable('openid_connect_state', $state);
session_setVariable('openid_connect_provider', $this->provider);
session_setVariable('openid_connect_client', $clientId);
session_setVariable('openid_connect_secret', $secret);
$params = array('client_id' => $clientId, 'openid.realm' => util_getFullServerUrl(), 'nonce' => $nonce, 'redirect_uri' => $this->getReturnTo(), 'response_type' => 'code', 'scope' => 'openid email', 'state' => $state);
$url .= '?' . http_build_query($params, null, '&');
util_redirect($url);
}
SmartyWrap::assign('identity', $identity);
SmartyWrap::assign('email', $email);
SmartyWrap::assign('page_title', 'Parolă uitată');
SmartyWrap::assign('suggestHiddenSearchForm', true);
if ($submitButton) {
if (!$email) {
FlashMessage::add('Trebuie să introduceți o adresă de e-mail.');
SmartyWrap::display('auth/parola-uitata.ihtml');
} else {
$user = User::get_by_email($email);
if ($user) {
log_userLog("Password recovery requested for {$email} from " . $_SERVER['REMOTE_ADDR']);
// Create the token
$pt = Model::factory('PasswordToken')->create();
$pt->userId = $user->id;
$pt->token = util_randomCapitalLetterString(20);
$pt->save();
// Send email
SmartyWrap::assign('homePage', util_getFullServerUrl());
SmartyWrap::assign('token', $pt->token);
$body = SmartyWrap::fetch('email/resetPassword.ihtml');
$ourEmail = Config::get('global.contact');
$headers = array("From: DEX online <{$ourEmail}>", "Reply-To: {$ourEmail}", 'Content-Type: text/plain; charset=UTF-8');
$result = mail($email, "Schimbarea parolei pentru DEX online", $body, implode("\r\n", $headers));
}
// Display a confirmation even for incorrect addresses.
SmartyWrap::display('auth/passwordRecoveryEmailSent.ihtml');
}
} else {
SmartyWrap::display('auth/parola-uitata.ihtml');
}
